Amazon alters strategy to win landmark CIA contract

It was a contract that Amazon.com’s business-technology group wasn’t supposed to get.

The CIA, an organization whose data is among the most protected in the world, asked for bids last year on a contract to provide the agency Web-based tech infrastructure. Longtime government contractors — IBM, among others — seemed likely winners.

So when Amazon Web Services, or AWS, won the $600 million contract in January, IBM cried foul. Big Blue argued that the agency did not properly evaluate IBM’s bid, and the General Accountability Office, which reviewed the contract, agreed in part.

Now, Amazon is bidding again for the contract while also challenging in federal court the CIA’s ability to reopen the bidding.

Both winning the contract and sparking IBM’s ire are coming-of-age moments for AWS. The division, which Amazon launched in 2006, rents data storage and computer-server time to corporations and agencies to run core business processes.

AWS generates roughly $3 billion in annual revenue, according to analyst estimates, by offering services to businesses at a fraction of what it would cost if those businesses owned and ran their own computers.

And it’s emerged as the leader in providing Web-based infrastructure technology to customers, a business that’s come to be known as cloud computing. According to a new report from research firm Gartner, AWS is “the overwhelming market share leader,” with more than five times the combined computational capacity of the next 14 rivals Gartner follows.

But handling so-called mission-critical operations and ultra-secure data isn’t where AWS initially made hay. Some competitors and even some corporate tech buyers still dismiss AWS as technology provided by an online bookseller, suggesting it’s not capable of handling the demands essential to running government agencies and companies in the business of managing sensitive data.

So while there are examples of AWS running mission-critical operations, a contract from the CIA could put remaining questions to rest. That’s why the contract is so important to Amazon.

If the nation’s top spy agency is willing to rely on AWS to secure its network, surely other customers can rely on its technology as well.

“It’s a lighthouse win,” said James Staten, an analyst with Forrester Research. “It will say to other clients that this is safe.”

IBM’s challenge is certainly about angling for the lucrative government contract. But it’s also about slowing AWS’s march into the complex computing that once was the domain of a handful of companies, including IBM, that sold, rather than rented, the hardware and software that demanding customers needed.

IBM went out of its way to cite its track record as it reacted to Amazon’s suit, which seeks to block the rebidding of the contract.

“Unlike Amazon, IBM has a long history of delivering successful transformational projects like this for the U.S. government,” IBM spokesman Clint Roswell said. “IBM has been delivering trusted and secure cloud services to business and government clients for many years and developed virtualization technologies, which have led to cloud computing.”

To be clear, the contract is not exactly the type every customer will get from the company.

AWS typically offers its Web-based services in what’s known as a “public cloud.” That’s jargon for services that run on computer servers Amazon owns, delivered securely over the Internet in much the same way that electricity or water is delivered to homes.

But the CIA deal calls for Amazon to manage a private data center owned by the agency. There’s no way that the top spy agency would let that data flow over the Web in the same way AWS does for clients such as Airbnb, when it books rooms for vacationers, or Netflix, when it streams videos to customers. The CIA needs a level of security that goes well beyond what AWS typically provides.

While neither the agency nor Amazon will discuss the specifics of the contract, public documents make it clear that AWS was willing to alter its approach to win this contract. The CIA would be the first AWS client to have the servers that handle its computing on its premises, rather than in buildings owned or leased by Amazon.

It’s not an idle distinction. Amazon has pursued public-cloud computing with a near-religious zeal. Delivering generic computing building blocks that customers could snap together like Lego bricks and dismantle to meet their needs at any moment has been the key to the division’s growth.

Putting any of its technology behind a so-called “private cloud” could undermine that message.

To be clear, some of this is semantics. If Amazon is operating the cloud offering, it may not much matter where it is located. The agency’s request for proposals for the contract referred to the services needed as a “public cloud,” according to an Amazon court filing.

But providing those services from a customer’s premises is something new for Amazon, a move it no doubt made to acknowledge business realities. There are plenty of organizations that either won’t or can’t have their computing done from servers run at Amazon facilities, for all sorts of regulatory and security reasons.

It’s something the company has recognized. It began to move down this road when it launched something called FinQloud, which it developed for Nasdaq to meet with regulatory and security requirements, and GovCloud, an isolated operation that allows U.S. government agencies to use cloud computing while still meeting compliance requirements.

For AWS, which wanted both the huge CIA contract and the validation of its services, shifting a bit on strategy was a no-brainer. And that shift may mean that AWS will consider private-cloud deals going forward.

“It says if you’re willing to spend $600 million, Amazon is willing to play ball,” Gartner’s Lydia Leong said. “But a potential customer might be able to spend less and still get them to compete for a private-cloud contract.”

The IBM challenge to the contract threatens to undermine AWS’ bid to take on traditional suppliers of technology to businesses. Without offering details, IBM contended that AWS’ winning the contract was based on “inaccuracies in the government’s assessment” of its proposal.

The GAO agreed, which led to new bids that were due Aug. 16.

While Amazon is participating in the rebidding, it argues in its July suit against the government to block the process that IBM’s claims were “untimely and meritless.”

In that suit, made public last week, Amazon said IBM wouldn’t be able to provide the type of cloud computing the CIA wants. And Amazon said the GAO’s suggestion to reopen the bidding was “arbitrary and capricious” and violates federal contracting law.

The stakes are particularly high for AWS. Just as winning the contract was a point of validation for a service, losing a contract it had once won could undermine the perception that its services are capable enough for the most demanding customers.